The National Security Agency (NSA) headquarters at Fort Meade, Maryland.
The National Security Agency (NSA) headquarters at Fort Meade, Maryland. - 
Listen To The Story

One of the most respected cybersecurity firms in the business, RSA, has reportedly accepted money from the NSA to push a flawed security product. This latest news comes from a report by Joseph Menn, an investigative reporter with Reuters. It's connected to earlier revelations about the National Security Agency building back doors into encryption to help its surveillance programs, which has had even the most capable cryptologists very worried.  

The new report cites two unnamed sources that say the NSA gave $10 million to the cybersecruity firm in order to make a random number generator (often used in encryption) the default security setting in the product. Since RSA is a trusted security source, it was effectively an arrangement--paid for by the spy agency -- for the company to help establish the flawed encryption tool to be accepted by thousands of people who were building software. Some of the sources speaking to Menn said that RSA wasn't fully aware of what it was doing, but the suggestion is that the company should have known better, having a history of fighting things like the government's Clipper Chip

RSA released a statement in response, which Ars Technica called a non-denying denial. It is interesting to read through it and try to parse the language; the part with the words "categorically deny" could refer to the suggestion that the contract with the NSA was "secret," or that there was a contract, or even that the flaw was known. 

However you feel about the report or the response from the RSA (the NSA declined comment), the story brings an uncomfortable truth to light: for years, the NSA has worked in concert with cybersecurity experts. That's a good thing when it comes to national security--the U.S. government has expertise in the area of fighting a broad spectrum of cybercrime that has a very real impact on Americans. But as revelations about secret government surveillance continue, questions grow about whether online security is totally broken -- and who, exactly, can help fix it. 

As a nonprofit news organization, Marketplace is on a mission that drives what we do every day: to increase economic intelligence across the country. But we can’t do it alone. Become a Marketplace Investor today, in whatever amount you choose, and your donation will go twice as far, thanks to a dollar-for-dollar match from The Kendeda Fund.

Become a Marketplace Investor today – in whatever amount is right for you – and keep public service journalism strong. We’re grateful for your support.

Follow Ben Johnson at @@TheBrockJohnson